A new Eurobarometer survey shows that Internet users are very concerned about cyber security: 89% avoid disclosing personal information online, and 74% agree that the risk of becoming a victim of cybercrime has increased in the past year.

12% of internet users across the EU have already experienced online fraud, and 8% have fallen victim to identity theft. Nonetheless, 53% have not changed any of their online passwords during the past year.

"While ever more people are making the most out of the Internet and benefit from the digital economy, it is not surprising that security of personal information and online payments top the list of our concerns. What is more surprising is that only half of Europeans take effective measures to protect themselves from cybercrime", said Cecilia Malmström, EU Commissioner for Home Affairs.

The survey, covering a total of almost 27 000 people in all EU member states, shows a strong link between being informed about the risks of cybercrime and feeling confident online. A majority of those who feel confident in doing online banking or shopping say that they also feel well informed about cybercrime.

"Cybercriminals must not be allowed to disrupt our use of the Internet. The more we know about the risks and how to protect ourselves, the more we can truly maximise our digital lives", Cecilia Malmström said.

29% are not confident about their ability to use the internet for things like online banking or online purchases

59% do not feel well informed about the risks of cybercrime

40% are concerned about someone taking or misusing their personal data and 38% show concern about the security of online payments

In March of this year, the Commission proposed to set up a European Cybercrime Centre, or EC3, in 2013 to protect Europeans and businesses against mounting cyber-threats. The European Cybercrime Centre (IP/12/317 and MEMO/12/221) will focus on illegal online activities carried out by organised crime groups, especially attacks targeting e-banking and other online financial activities. The Centre will also seek to find ways to better protect social network profiles from e-crime infiltration and provide information and analysis to national law enforcement authorities. This will enable them to assist in the fight against online identity theft, child sexual abuse and exploitation and cyber-attacks affecting critical infrastructure and information systems in Europe.

The EC3 is to be operational in January of next year. The establishment of the centre is well underway at Europol headquarters in The Hague, including the construction of a cybercrime lab, the creation of around 30 full-time positions, and liaising with Member States who will contribute with experts to the centre. In the past months, Europol has also significantly increased its practical support to cybercrime investigations in Member States. As part of the development of the centre, contacts are being established with national cybercrime units in law enforcement as well as with cyber security and anti-virus actors in the private sector.

In September 2010, the European Commission presented a proposal for a Directive to deal with new cyber-crimes, such as large-scale cyber-attacks. It sets out concrete measures; including criminalising the creation and selling of malicious software and improving European police cooperation. The proposal aims to strengthen Europe's response to cyber disruptions and introduce new aggravating circumstances and higher criminal sanctions. This will aim to fight the growing threat and occurrence of large scale attacks against information systems more effectively.

Moving beyond these measures, the time has come for the EU to set out a vision of how security can be enhanced in cyberspace from a wider perspective. With this in mind, the Commission and the European External Action Service (EEAS) are currently preparing a European Strategy for Cyber Security. A comprehensive approach to cyber security will require the involvement not only of public authorities, but also of the private sector, which owns and operates the vast majority of the cyber infrastructures. The strategy will have to address a variety of policy fields that can be adversely affected by cyber security risks and threats. It will encompass measures addressing, among other things, infrastructure protection and cybercrime as well as external aspects such as the role of cyberspace in democratic movements and capacity building in third states.

Useful links

The cybercrime Eurobarometer in full, plus results for each EU member state